[HN Gopher] Fun with Red Star OS
___________________________________________________________________
Fun with Red Star OS
Author : merlinscholz
Score : 190 points
Date : 2021-11-23 13:31 UTC (9 hours ago)
(HTM) web link (sizeofcat.ru)
(TXT) w3m dump (sizeofcat.ru)
| bo1024 wrote:
| Is it really necessary to run third-party javascript that "checks
| my browser" (collects information about me?) before letting me
| read the article?
| [deleted]
| echelon wrote:
| Cloudflare runs DDoS protection against a surprisingly many
| sites now. Often you don't even see the "checking your browser"
| screen, it just happens passively.
|
| While individual authors and publishers benefit substantially
| (caching, anti-DDoS, etc.), this is a huge net loss for the
| internet. It essentially entrenches Google and the rest of
| MAGMA as the forever winners of spidering the web. If you try
| to spin up your own crawler, you'll get hit by this bullshit.
| It's becoming impossible to bootstrap now.
| jeroenhd wrote:
| The usual method is to let Cloudflare collect that data
| passively, I like the honesty of letting the user see the DDoS
| protection in action better.
|
| At least this website doesn't require a captcha when you're
| visiting through TOR, that's better than most websites behind
| DDoS protection.
| darkcha0s wrote:
| Like most of the modern web, yes.
| macksd wrote:
| Was that not a proxy doing DDoS protection?
| Fnoord wrote:
| https://archive.md/1iqOG
| freeflight wrote:
| A bit older but quite relevant and entertaining; "Florian Grunow,
| Niklaus Schiess: Lifting the Fog on Red Star OS", from the 2015
| Chaos Computer Congress.
|
| https://youtu.be/8LGDM9exlZw
| oyebenny wrote:
| How do I get a copy of the any of the RedStar OS distro?
| boomboomsubban wrote:
| I have no clue where you get a copy provided by North Korea,
| but it's easy to find online. On the Internet Archive for
| example
|
| https://archive.org/details/RedStarOS
| emptyparadise wrote:
| That's a solid looking file manager. Finder for Linux!?
| teddyh wrote:
| Image caption says "KFinder".
| vilvo wrote:
| What is UnBangUI?
| solarkraft wrote:
| Of course this version is now super-outdated. Are there any new
| versions available?
| netsec_burn wrote:
| Red Star 4.0 (2017). Good luck finding it, I haven't.
| gjsman-1000 wrote:
| So far, even though we know Red Star 4 exists and has for
| years now, it's very elusive with (AFAIK) no disc images yet
| found.
|
| I think that there was a rumor that it was FreeBSD based
| instead of Linux based but don't quote me on that.
| [deleted]
| gjsman-1000 wrote:
| According to Wikipedia, a South Korean magazine got a copy,
| but they never uploaded the disc images.
|
| However, they did takes a few screenshots. Red Star OS 4 is
| still MacOS-inspired but with a little more modern of a Mac
| look - think Mavericks (Red Star OS 3 inspiration) ->
| Yosemite (Red Star OS 4.0 inspiration). With a touch of
| Chrome OS and GNOME in there for good measure.
|
| https://www.nkeconomy.com/news/articleView.html?idxno=3191
|
| https://www.nkeconomy.com/news/articleView.html?idxno=3213
|
| https://www.nkeconomy.com/news/articleView.html?idxno=3292
| koffiedrinker wrote:
| Did they take photos of their screen because it was
| running on a computer they didn't own or did they really
| have access to the ISOs (and for some reason didn't take
| screenshots)?
| gjsman-1000 wrote:
| No idea. Could have been a visitor to North Korea who
| took photos on the tour (North Korea now does sort-of
| permit photos in certain areas to tourists).
| IntelMiner wrote:
| If I remember rightly, 3.0 was sold in shops in North
| Korea? At least that's what the talk on it mentioned
|
| Might just be a game of finding someone who goes to NK for
| teaching or the like to pick up a copy while there for
| archiving
| smoldesu wrote:
| If you're familiar with the classic "Windows Destruction" series,
| you'll be pleased to hear that there is also a fairly recent Red
| Star Destruction entry as well:
| https://www.youtube.com/watch?v=k9BOYttRtN0
| jeroenhd wrote:
| > Spoiler, he doesn't give a fuck about your hentai porn.
|
| These operating systems do actually contain code that add a
| signature belonging to your install of the machine to pictures
| and video files, so be wary if spreading your hentai porn in
| Kim's country because it can be traced back to you.
|
| That said, there's a lot of panic about fears of having it reach
| out across the internet and infect your entire network without
| any real basis. If you're comfortable with running Windows
| 11,you're already sharing more data than the DPRK could possibly
| want to extract from you, only the DPRK can't use that data and
| the Five Eyes most likely can.
|
| The Glorious Leader liked his Macbook so he ordered his lackeys
| to build North Korea their own Macbooks with a shitty font and
| tracking submitted to their services instead it Apple's.
| mynameisash wrote:
| > If you're comfortable with running Windows 11,you're already
| sharing more data than the DPRK could possibly want to extract
| from you
|
| Citation needed. Sure, Windows collects a lot of telemetry, but
| Microsoft takes great pains to ensure these data are privacy-
| protecting. On the other hand, if you assume an OS from an
| authoritarian regime is collecting info, it would seem that by
| definition, they want to know exactly who you are.
|
| I'll even give Apple and Google the benefit of the doubt that
| they're similarly (to Microsoft) concerned about protecting
| PII.
| tejohnso wrote:
| > If you're comfortable with running Windows 11,you're already
| sharing more data than...
|
| Do you know of any good writeups on the details of Windows 11
| data sharing?
| no_time wrote:
| How about MS stealing executables and running them on their
| own servers on the default config of win10?
|
| If you had a build of your own application with hardcoded
| keys in the binary, there is a high chance MS has it now.
|
| https://news.ycombinator.com/item?id=21180019
| echelon wrote:
| That's absolutely appalling.
|
| I used to exempt Microsoft as the "one good MAGMA" under
| Nadella's leadership, but they're clearly stepping back
| into evil territory:
|
| - stealing your Windows files and secrets
|
| - capturing our industry with Github (the development
| ecosystem is accreting here)
|
| - Github Co-pilot training on GPL
|
| - Microsoft pay website injection in Edge
|
| - heinous Xbox DRM
|
| - LinkedIn is still scummy and full of anti-patterns
| vkou wrote:
| > - Github Co-pilot training on GPL
|
| Why is training Github on GPL bad, but training a
| language model on public domain books and texts not?
|
| Edit: Thank you for explaining the problem.
| LogonType10 wrote:
| Because code derived from GPL code is also GPL. Co-pilot
| (sometimes) intelligently copies and pastes GPL code.
| laumars wrote:
| > _Because code derived from GPL code is also GPL._
|
| I'm not happy with the Co-Pilot situation either but for
| the sake of correctness it should it should be pointed
| out that your point hasn't actually been tested in court
| with regards to machine learning. In fact some lawyers
| have suggested the GPL might not cover that particular
| scenario.
| onkoe wrote:
| No one should want to test this - it's terrifying for
| companies and developers alike.
| ayushnix wrote:
| Is CoPilot and its models open source like the GPL
| software it trains on are?
|
| There's a difference between public domain and GPL. You
| can do whatever you want with public domain works and
| nobody can say otherwise. That's not the case with GPL.
| mmh0000 wrote:
| Straight from the horse's mouth:
|
| https://docs.microsoft.com/en-us/windows/privacy/required-
| wi...
|
| Keep in mind, this is what is logged if you select "basic"
| telemetry. By default Windows logs even more than what is
| detailed there. It is an insane amount of data.
| trasz wrote:
| >These operating systems do actually contain code that add a
| signature
|
| [citation needed]
| jeroenhd wrote:
| https://linuxreviews.org/Red_Star_OS mentions the UUIDs being
| added. More details are available in talks like the one from
| the CCC: https://www.youtube.com/watch?v=8LGDM9exlZw
| nix23 wrote:
| https://www.bbc.com/news/world-asia-35188570
|
| >>The watermarking function...
| simonebrunozzi wrote:
| > add a signature belonging to your install of the machine to
| pictures and video files
|
| But why?
| sodality2 wrote:
| > > add a signature belonging to your install of the machine
| to pictures and video files
|
| > But why?
|
| Any media negative about the regime can be traced back to its
| source so they can be suicided.
|
| edit, more specific info from
| https://www.reuters.com/article/northkorea-computers-
| idUSKBN...:
|
| >Red Star also addresses a more pressing concern: cracking
| down on the growing underground exchange of foreign movies,
| music and writing.
|
| >Illegal media is usually passed from person-to-person in
| North Korea using USB sticks and microSD cards, making it
| hard for the government to track where they come from.
|
| >Red Star tackles this by tagging, or watermarking, every
| document or media file on a computer or on any USB stick
| connected to it. That means that any file could be traced
| back to anyone who had previously opened or created the file.
| BuildTheRobots wrote:
| The KGB used to require all typewriters to be registered, so
| they could identify the authors of anything they found
| objectionable.
|
| Being able to track who produced an image that's doing the
| rounds spreading "propaganda" seems like it adds a lot of
| value (from an authoritarian point of view, at least).
| whimsicalism wrote:
| LOL yeah the US does the exact same thing.
|
| I would pay to read a newspaper that (somewhat satirically)
| reported on the US the way we report on our adversaries.
| Complete with referring to police as "security forces",
| including wild speculations about the backstabbing behind-
| the-scenes of their top politics, etc.
| pessimizer wrote:
| "Regime" and "oligarchs" are my big annoyances. If you
| used words and phrases like these for domestic stories
| consistently, they'd lose all of their propaganda value.
|
| Hell, "propaganda" is the archetypal example. All
| communications with the primary purpose of advocacy were
| referred to as propaganda until the propaganda industry
| came up with the term "Public Relations."
|
| It's a bit like the Anglo-Saxon/Latin split in English,
| where the Anglo-Saxon word means the cheap, commonplace
| version of whatever the Norman word is. English for the
| last century or so has had a sort of "communist register"
| that you're required to use about things that are
| officially disapproved of.
| vkou wrote:
| > I would pay to read a newspaper that (somewhat
| satirically) reported on the US the way we report on our
| adversaries
|
| If you really want this, just start reading foreign news.
| whimsicalism wrote:
| I read quite a bit of news, but unfortunately only speak
| english.
|
| It is not quite the same - newspapers put out in english
| by foreign adversaries are usually targeting foreign
| audiences, so they are not written in quite the same
| fashion as how American outlets describe regimes in other
| countries.
|
| The closest I've found is SCMP English in Beijing, which
| (at least for print) is apparently different (and more
| slanted) than the English version found in the US.
| ceejayoz wrote:
| The Washington Post does this occasionally.
|
| https://www.washingtonpost.com/opinions/2020/05/29/how-
| weste...
|
| https://www.washingtonpost.com/news/global-
| opinions/wp/2017/...
|
| "'Culturally, Americans are a curious lot,' said Andrew
| Darcy Morthington, an United Kingdom-based commentator
| who once embarked on a two-year mission trip to teach
| rural American children and therefore qualifies as an
| expert on U.S. affairs."
| hutzlibu wrote:
| Well, just try some russian or chinese newspapers.
|
| I do it at times.
|
| There surely is wild propaganda mixed in, but also some
| very clear analysis of a certain cituation. More so, if
| for example russia is reporting on US-China crisis. Or
| vice versa.
| shlurpy wrote:
| You have to take into account bias even then. Negative
| bias and propaganda can be just as strong. But yeah, I
| personally read German news or AL Jazeera or whatever.
| zepto wrote:
| > Complete with referring to police as "security forces",
|
| The western press goes in to far more detail about how
| oppressive, brutal and unaccountable American police are
| than any other country. There is pretty much an unending
| stream of criticism of the police.
|
| > including wild speculations about the backstabbing
| behind-the-scenes of their top politics, etc.
|
| If you have never seen such speculation about American
| politicians, I assume you have never looked at a
| newspaper.
| monocasa wrote:
| Eh, it's not quite the same. There was some foreign paper
| that described the George Floyd protests as 'tensions
| continue to rise over the death of an ethnic minority in
| a agrarian province at the hands of state security
| forces' that made me chortle when I read it.
| zepto wrote:
| It's not quite the same - it's _far_ more critical.
| monocasa wrote:
| I disagree.
| zepto wrote:
| 'tensions continue to rise over the death of an ethnic
| minority in a agrarian province at the hands of state
| security forces'
|
| Is absolutely nothing compared to the mountains of
| analysis of how racist and brutal the US police are,
| likening them to slave patrols, citing statistics about
| how often unarmed black people are killed, criticizing
| the Supreme Court for qualified immunity, explaining the
| overpolicing of trivial crimes in poor neighborhood and
| underpolicing of serious crimes that harm this same
| neighborhoods, the school to prison pipeline etc. etc.
|
| You'd be forgiven for thinking we live in an open society
| with a free press where people are unafraid to criticize
| the government and police.
| monocasa wrote:
| It's a cute, but direct attack on the Imperialism that
| underpins the issues, including the function of police
| domestically.
|
| And the police here are racist, brutal, and mostly above
| legal consequences. The media here generally stops short
| of examining the power structures that makes that the
| case. It's more oh dearism than actionable information.
|
| And have you seen China's media? The allow and even
| encourage complaints about local government, including in
| mass media. What you've stated about "an open society
| with a free press" not some high bar of freedom, but
| generally used as a pressure release valve for malcontent
| that does nothing to address why it's like that in the
| first place. They, like the US, love a good story that
| let's them "fight corruption" in a way that doesn't
| change why the corruption was allowed to fester in the
| first place.
| zepto wrote:
| > They allow and even encourage complaints about _local
| government_.
|
| But not the communist party or it's officials, eh?
|
| You can't seriously be claiming that China is a more open
| society which allows greater media analysis of it's power
| structures.
| monocasa wrote:
| I claimed nothing of the sort; I'm not sure how you
| jumped to that.
|
| I'm simply pointing out that the ability for media to
| complain about the local actions of security forces, .gov
| policy decisions, and the occasional high ranking
| official who serves as a focal point for malcontent does
| not make for a free and open society, using an example
| that we can both agree is neither free nor open.
| zepto wrote:
| > media to complain about the local actions of security
| forces, .gov policy decisions, and the occasional high
| ranking official who serves as a focal point for
| malcontent does not make for a free and open society,
| using an example that we can both agree is neither free
| nor open
|
| Yes. I assert that this describes China, but not the US.
|
| Are you claiming it also describes the US?
|
| Which powerful individual or institutions do you think
| are protected from criticism?
| jszymborski wrote:
| The issue I take with this point is that:
| 1) There's plenty of criticism of the West from within
| its many nations borders 2) There's far more from
| outside its borders 3) Criticism of crushingly
| oppressive dictatorships is strictly forbidden from
| within
|
| With that context, Western criticism of oppressive
| dictatorships serves a vital purpose, and so does fair
| criticism of the West.
| tenebrisalietum wrote:
| How could a specific typewriter be tracked from a typed
| document?
| simpleguitar wrote:
| He's talking about old mechanical style typewriters. Due
| to mechanical tolerances of the time, the letter shape
| and the alignment of the type bar would be slightly
| imperfect, and unique to that typewriter, acting as a
| fingerprint.
|
| It's the reason why ransom notes from old movies are made
| of letters cut out from different magazines and
| newspapers. No handwriting, and no typewriter.
|
| Did you know that US Secret service has samples of ink
| from various ball point pens?
| (https://www.12news.com/article/news/nation-world/look-
| inside...)
| lostcolony wrote:
| So looking at a document, you'd not be able to know what
| typewriter it was written from, no.
|
| However, looking at a document, you may be able to tell
| the make and model of the typewriter, due to different
| typefaces and known mechanical differences across the
| make/model. That, coupled with a location or list of
| suspects, would allow you to examine specific
| typewriters. You may be able to determine a letter was
| written from a -given- typewriter, as machining
| differences in the keys, and differences in wear and tear
| over time can lead to minute differences in how the ink
| adheres. If you also have a letter written by a specific
| suspect, the variation in typing (how hard they hit the
| keys, common typing mistakes, etc) can lead to greater
| certainty of the author.
| reaperducer wrote:
| _So looking at a document, you 'd not be able to know
| what typewriter it was written from, no._
|
| Actually, yes. Typewriters, especially well-used ones
| develop their own quirks. The "e" is a little higher or
| lower. The "o" gets a little filled with ink. It's
| mechanical, so parts wear, things get a bit off, and with
| enough use, each typewriter develops its own fingerprint.
|
| It's been a thing in mystery novels at least back to the
| 1920's.
| LogonType10 wrote:
| How reliable is this compared to bite marks?
| lostcolony wrote:
| Actually, no. If you were to hand someone a typed
| document, you would not know "Ah-hah. I can tell by the e
| that is precisely 3 nanometers above the line, and the
| slight smudging of the ink on the qs, that this was
| written by Joe Schmoe's typewriter, which I have
| "registered", but which I otherwise do not have access
| to". You say it yourself; typewriters "develop" quirks,
| in addition to any they start with, meaning that even if
| you had collected samples of every typewriter at the time
| of sale, and had a way to compare a document against all
| of them (despite this being pre-computer, given the
| prevalence of typewriters), you would not be able to find
| a match.
|
| What -you- are describing, is "Was this particular
| document written on this particular typewriter", which is
| possible by comparing it against a document you know to
| have been written by that typewriter, and which I detail
| in my answer which you didn't fully read ("That (...)
| would allow you to examine specific typewriters. You may
| be able to determine a letter was written from a -given-
| typewriter").
|
| This is identical to ballistics; finding a fired bullet
| does not tell you the specific gun that fired it (but may
| tell you the model/make; certainly, it will tell you the
| type of ammunition it takes). But if you have a bullet of
| known provenance (i.e., one you fired from a suspect's
| gun), you can tell if the markings left on the bullets
| match.
| Maursault wrote:
| He is innocen.
| [deleted]
| PeterisP wrote:
| The letter 'blanks' which hit the ribbon in a typewriter
| are imperfect, as all physical objects, so having a
| sample and a registered owner can be used tell that this
| document was written on this particular typewriter
| because e.g. all their letters 'F' have a tiny scratch in
| just the right place.
|
| It's similar to e.g. identifying specific guns by the
| markings left by imperfections of the barrel, you'd also
| take sample shots which can then be matched to the
| specific gun.
| fs111 wrote:
| printers do that too with yellow dots
| oleg_antonyan wrote:
| Nowadays they're trying to enforce social media and
| messengers to require your phone number (most of them do
| this already anyway), and to get SIM-card you need your ID
| document. This way they can track down who posted a link to
| "Putin's palace", for example. And thanks to enforced data
| localization they may not even need help from social
| platform itself - they pwn hard drives.
|
| The difference between this and Apple's data collection,
| for example, is that Apple cannot use this information to
| imprison or kill you. At least until they deploy automatic
| scanner for cp in your photos.
| Someone1234 wrote:
| The US still does this _today_ via the MIC:
|
| https://en.wikipedia.org/wiki/Machine_Identification_Code
|
| That's why your color printer cannot print in B&W when
| you're out of color ink (or at least one reason).
| lights0123 wrote:
| > which certain color laser printers and copiers
|
| Inkjet printers are far more likely to not let you print
| without color ink, because they need to add the color
| inks to produce a darker black. Laser printers are far
| more likely to let you print without color toner (and as
| such, I've never worked with a laser printer that
| requires non-empty color toner cartridges), because they
| don't need to add additional colors for black.
| zbonk wrote:
| Can someone please see the "view source" of this page and tell me
| if what I'm seeing is malware? I'm seeing a LOT of scary-looking
| UNIX code (PID, root, IPs etc.)there that doesn't appear on the
| site, is my computer now compromised?
| noslot wrote:
| They're hidden behind expand elements: View the original
| iptables rules
| niyaven wrote:
| Nothing to worry about, this is actually on the site. However
| the output is collapsed by default because it's very long.
| CTRL+F "View the original iptables rules" and click it, you
| will see what you saw in the source.
| zbonk wrote:
| THANKS! I was literally about to format my entire computer
| and hard-reset my router. I freaked out badly. I really
| shouldn't be snorting DMT all day like this while browsing.
| You saved me.
| nottorp wrote:
| > However the output is collapsed by default because it's
| very long.
|
| Top poster did not read the article :)
| iJohnDoe wrote:
| Seems more privacy focused than Microsoft and Apple? So sad to
| even think that. Also, remember that China wouldn't use Windows
| 10 due to how invasive the telemetry is unless Microsoft gave
| them a special version just for China.
|
| I'm not saying that NK or China are privacy focused. It seems
| like even the spies don't like to be spied on.
| sh0 wrote:
| As far as I remember the Red Star kernel has a module which
| modifies all opened images and documents by appending a device
| fingerprint to the file. In fact it is a chain of fingerprints
| to trace where the file has been.
|
| So not exactly 'privacy focused'.
| trasz wrote:
| [citation needed]. That would break a whole lot of things,
| and the kernel would be a silly place to implement it.
| throwaway4good wrote:
| China also insisted on and got its own version of the trusted
| platform module, a chip that is present on all pcs that can run
| windows.
|
| Rather than ridiculing what countries such as China or North
| Korea do in the name of national security, we tech people
| should pay strict attention as here are hints on how our own
| daily technology is being surveilled and controlled.
| Iolaum wrote:
| WoW I didn't know about this,
|
| Here's a quick results about TPM's not being available in
| China for people interested in this:
| https://www.makeuseof.com/why-chinese-users-cant-upgrade-
| win...
| vadfa wrote:
| Off-topic: the font in this blog renders very poorly. I know the
| solution is to disable remote fonts in ublock origin, but that
| means that websites that use fonts to show icons will not work
| properly. Has anybody found a solution?
| capableweb wrote:
| Not sure what you mean with "renders very poorly", is it just
| the font that doesn't look good for you or seems like a bug?
|
| This is how it looks for me on Firefox/Ubuntu:
| https://imgur.com/a/WFx2okh
|
| Seems fine, although I'd probably choose a different font
| myself.
| stordoff wrote:
| This is what it looks like for me (Chrome/Windows 10):
| https://i.ibb.co/LgDwp8x/redstar.png
|
| Readable, but looks odd - things like the crossbars on ts
| look too heavy.
|
| Zooming in slightly clears it up:
| https://i.ibb.co/5L6R7MF/redstar2.png
| GekkePrutser wrote:
| They probably use it mostly in Korean anyway so I don't think
| the English character rendering matters very much to them.
| After all they only have access to a national "intranet"
| which will probably also be in Korean.
|
| Ps: yes a lot of assumptions here but it's North Korea :)
| 0des wrote:
| > Has anybody found a solution?
|
| Frontend designers should stop using remote fonts, or fonts at
| all, for icons.
| capableweb wrote:
| And all bad programmers should stop being bad programmers,
| easy.
|
| Maybe if you don't have something useful to add to the
| conversation, you should refrain from adding anything at all.
| vadfa wrote:
| Found the designer.
| [deleted]
| RicoElectrico wrote:
| I can also see it. It must be a Firefox bug. Reduce zoom to
| whatever it takes to counter your DPI scaling.
| ttz wrote:
| anyone know how get that miller column KFinder app outside of
| installing RedStar? Don't actually think anything exists like
| that for Linux (minus Elementary File Manager)
| steviedotboston wrote:
| this always looked surprisingly well polished to me.
| emteycz wrote:
| Why is it surprising that the top 1% programmers of an entire
| country (many of them probably with western education) can
| produce quality software when put under deadly threat?
| johannes1234321 wrote:
| The top 1% won't work on that.
|
| The top 1% either work on surveillance (domestic and
| foreign), rocket control, hacking etc. to strengthen the
| state or for outside companies (I remember a German story
| about somebody regularly printing out android API docs for
| their team in North Korea) to bring money.
| thriftwy wrote:
| I don't think that any programmers in the DPRK will have
| access to western education.
|
| People who do are many, many tiers up.
| emteycz wrote:
| At the very least, western educators are coming to them -
| there were articles about that on HN.
|
| https://www.vice.com/en/article/z4m8qx/how-to-teach-
| computer...
| nix23 wrote:
| https://www.youtube.com/watch?v=JLDFAABtxfw
|
| It's about north koreans who go ito other country's to make
| lots of money/spying/education and send the dollars/intel
| back to NK.
|
| Found it just in German...sorry
| whimsicalism wrote:
| Look the government of NK sucks, but I think your model of
| the world is wrong if you think they are being forced to
| build this operating system under deadly threat. I doubt they
| had to take this job, it is probably a pretty prestigious one
| in NK society.
| boomboomsubban wrote:
| Plus plenty of people in other countries do the same work
| as their hobby. I doubt North Koreans needed any coercion
| to build it.
| imwillofficial wrote:
| The assumes that's how they are motivated. We also know
| quality suffers with a gun to your head.
|
| They are far more likely to produce quality work by
| patriotism or material rewards.
| emteycz wrote:
| I don't think they had a gun to their head literally, or
| that the threat was voiced - but IMHO not many of them
| would defy the order and definitely would not try to make
| the project slow down or fail, due to the implied threat of
| "disappearance".
|
| > They are far more likely to produce quality work by
| patriotism or material rewards.
|
| Is that really what you feel as a programmer that has to
| take free and open software and make it closed and spying
| while pretending it was your country that made the entire
| OS and apps and it's not just a rebrand?
|
| I can agree with the material rewards. DPRK can probably
| make the best offers - maybe they're not paying in USD but
| most probably still enough to have a house/skyscraper
| apartment, servants, personal chef and driver, etc.
| imwillofficial wrote:
| I have done far far worse in the name of God and Country.
| typon wrote:
| I knew a South Korean prof who chose to live in North Korea
| (as a philanthropic act) and teach at their top university
| (His research was in Embedded Electronics). Conversations
| with him completely changed my mind on North Korea, because
| prior to that my only context was through American/Canadian
| mainstream media (read: propaganda). I still think its a
| dictatorial regime that needs to be abolished and the North
| Korean people deserve democracy, but the day to day life of
| an average North Korean residing in a large city is not very
| different than any of us here.
| edm0nd wrote:
| Imagine being a North Korea simp like this.
| hutzlibu wrote:
| "but the day to day life of an average North Korean
| residing in a large city is not very different than any of
| us here."
|
| Sure thing, I had to sneak out into the woods as well, to
| set my black pirated satellite internet connection up.
|
| "Internet access is not generally available in North Korea.
| Only some high-level officials are allowed to access the
| global internet.[47] In most universities, a small number
| of strictly monitored computers are provided.
|
| https://en.wikipedia.org/wiki/Censorship_in_North_Korea#Int
| e..."
| LogonType10 wrote:
| When people say Hacker News doesn't have an intense bias
| I'll just link this comment.
| pessimizer wrote:
| The comment where a single person said that they heard
| that the elites of North Korea have fairly normal daily
| lives?
|
| Are you saying that HN is biased because they haven't
| deleted the comment and tried to have the poster arrested
| for supporting terrorism?
| LogonType10 wrote:
| I can link to your comment too where you imply that the
| bad news about North Korea is just defense contractor
| propaganda. Thanks!
| kenned3 wrote:
| This.
|
| If anyone thinks North America isn't actively involved in
| propaganda as well, they are delusional.
|
| The amount of "anti-china" comments i come across on the
| internet is shocking, and I can tell the posters have never
| left the US, let alone been to the country of their
| targeted "hate". Where do these strong views come from if
| they haven't been there, and probably have minimal contact
| with people who have?
| LogonType10 wrote:
| Probably comes from the fact that you can't meet North
| Koreans because the ones who try to leave get shot.
| pessimizer wrote:
| You can meet North Koreans. US media generally doesn't
| have any interest in meeting them because they don't
| always answer questions about North Korea in the required
| way. US media prefers its North Koreans either silent or
| pitched to them by the wholly funded thinktanks of
| defense contractors.
| another_story wrote:
| One should separate anti-China with anti-CCP. The
| majority of comments are not the former, but the latter,
| and for good reason, as the CCP itself works in
| opposition to the Chinese people much of the time.
| TeeMassive wrote:
| Everything that has the eyes of the leaders of an oppressive
| regime has to look good and well polished.
| bierjunge wrote:
| If somebody wants to give it a try:
| https://securedl.cdn.chip.de/downloads/30157394/redstar_desk...
| (hosted by chip.de, a german low quality "IT" news
| site/magazine).
|
| 4.0 is released, but I couldn't find it anywhere. Ping me if you
| have it!
| pndy wrote:
| https://youtu.be/8LGDM9exlZw - Florian Grunow and Niklaus
| Schiess, _Lifting the Fog on Red Star OS - A deep dive into the
| surveillance features of North Korea 's operating system_
|
| The bit more detailed view, I'd say
| [deleted]
| marcodiego wrote:
| "The system is absolutely network-silent except when you actively
| do something that requires network access, like using the
| browser. It does not call the mothership, not for updates, not
| for telemetry, not to let Kim Jong Un know the status of your
| internal organs. Spoiler, he doesn't give a fuck about your
| hentai porn. "
|
| Take that, Microsoft!
| 404mm wrote:
| I recall reading a different "review" a few years back and they
| found it calling back home.
| emteycz wrote:
| The OS seems to be re-developed from scratch each version.
| Perhaps it has changed.
| MisterTea wrote:
| Sounds like they finally worked out all the bugs from their
| malware and it is that much harder to detect.
| danielvaughn wrote:
| In a former job, I had to inspect network traffic on my mac. So
| I install Charles, open it up, and start looking around. I was
| astounded how much network activity is going on that I _had no
| idea about_.
| dannyw wrote:
| Apple would never write software that scans your files and
| reports material your XOR USG does not like, without your
| knowledge.
| glitchc wrote:
| This must be sarcasm.
| tankenmate wrote:
| Poe's Law in action.[0]
|
| [0] https://en.wikipedia.org/wiki/Poe's_law
| jraph wrote:
| This is an instance of "X would never do Y" with Y a
| quite specific thing.
|
| Which I usually take for sarcasm.
|
| Here I'm quite sure it is a reference to a quite recent
| event.
| Iolaum wrote:
| Yes it is:
|
| https://www.eff.org/deeplinks/2021/08/if-you-build-it-
| they-w...
| wikidani wrote:
| There was a linux distro I checked out a few years ago that
| routed every connection through tor and also asked for
| permission for every app connecting to the internet and I was
| similarly astounded by the fact that pretty much everything
| is sending some sort of data and people knew nothing about
| handrous wrote:
| Yeah, even Linux is crazy-chatty these days. I miss
| sniffing packets on a home or small office network and
| being able to follow what was going on without any filters.
| Now even on a smallish network, all your "idle" devices are
| spitting out packets constantly, so with "nothing going on"
| WireShark scrolls so fast with 20+ different interwoven
| conversations that it's impossible to follow. And god
| forbid you have any browser tabs open, since so many chat
| constantly in the background now.
|
| Everyone decided that "telemetry" isn't spying and is
| totally fine (it obviously fucking is and it absolutely is
| not, respectively). Plus stuff like Bonjour came along.
| beebeepka wrote:
| Which distro are you talking about?
| reaperducer wrote:
| Macs have always had incredible network use, even way back in
| the dialup days when I started working with them.
|
| The software seems to be designed to assume a perfect,
| exceedingly fat network connection at all times, and that all
| processes can do what they want with it.
|
| In all the years I've been using Macs, as far as I can tell,
| there is nothing in the OS that says, "Oh, the person is
| sending e-mail over a crappy cellular connection. Maybe now
| is not the best time to download a multi-gigabyte software
| update."
|
| I don't know what the situation is like on the Windows side,
| but I've always assumed that Apple bungs gigabit ethernet
| into the houses and cubicles of all of its developers, and
| they never have to connect to things in the real world.
| mistrial9 wrote:
| this needs clarification -- the Operating System under Mac
| OSX is designed during the Great-TCPIP-Expansion, and is
| NOT chatty, in fact things that were chatty were slapped
| down regularly. Since then, the MBAs at Apple Inc have
| built their "I Phoney" world, and certainly have added
| stupid chat. The details matter, for those that wish to
| move forward
| npteljes wrote:
| This is something that black-box testing can never really
| verify. Behavior could be altered by the VM, by detecting that
| it's not in NK, be triggered sometime later, after typing an
| entry from a list, and so on.
|
| And it's not like Microsoft gives too much fuck about anyone's
| hentai porn.
| hulitu wrote:
| Microsoft not, but one of their client maybe.
| bellyfullofbac wrote:
| Ha, since MS is selling ads (e.g. [1], [2]), they really
| should (/s) profile your por^W media viewing habits, and
| sell ad space to por^W media providers.
|
| "Hey, you enjoy hentai (based on hashes of videos you
| watched last month, yes, we know you watched cumulatively
| 15 hours of the stuff, and hours more searching for them on
| torrent sites), enjoy 15% off of premium subscription to
| hentaihub, this month only!"
|
| [1] https://www.xda-developers.com/microsoft-edge-buy-now-
| pay-la... , HN discussion:
| https://news.ycombinator.com/item?id=29288052
|
| [2] https://answers.microsoft.com/en-
| us/windows/forum/windows_10...
| nix23 wrote:
| The NSA i pretty interested in nudes and hentai.
| [deleted]
| _adamb wrote:
| This could be true, or it could recognize that it is running in
| a VM and change its behavior. This is a somewhat common trait
| of malware meant to throw off security researchers.
| ROARosen wrote:
| > or it could recognize that it is running in a VM and change
| its behavior.
|
| Agree. I would go even further to state this probably comes
| pre-installed on any computer using it but anyone allowed
| access is only as standard user with the root user locked
| (maybe as standard user you do get monitored?)
| dheera wrote:
| Why are VMs so bad at virtualizing?
|
| An ideal VM should be indistinguishable from a real machine.
|
| For example a virtualized system running Android should
| generate fake IMU data, not sit at 0 linear acceleration all
| the time. And have a real-looking fake IMEI, not a string of
| 0s.
| rwmj wrote:
| Hi, virt engineer here. Partly because it a very hard
| problem (in fact, theoretically impossible if you include
| timing attacks), but mainly because you don't _need_ to
| emulate the hardware very accurately in order to get common
| operating systems to run. Getting them to run is all that
| we 're paid to do, and that's a difficult enough job
| already.
|
| One strange aspect of this is that only a narrow range of
| current OSes run under virtualization. Qemu is great for
| running, say, current versions of Linux or Windows, but
| absolutely terrible if you try to run Linux 1.0 or Windows
| 95 or Solaris/x86 or any uncommon OS. (I tried a few of
| these several years ago out of curiosity, and none of them
| would even boot.) The reason is that we don't emulate
| enough of the corner cases in CPUs and devices to run those
| operating systems. eg. The SATA device only emulates the
| commands issued by drivers of modern operating systems, not
| every single command and dark corner of the real hardware.
|
| To be fair there are emulators that try much harder to be
| cycle accurate, especially the ones designed to run old
| games. The MisTER is the current king here, but that uses
| an expensive FPGA and can just about emulate a 486 PC.
| anthk wrote:
| That's bullshit because Qemu it's an emulator too, so it
| will run Solaris and W95 perfectly.
|
| I am not a virt engineer but I could run W95, OS2 and
| heck, even Mac OS 9 under Qemu, recently.
|
| Seriously, if you are a virt engineer, drop your title
| down :).
|
| Qemu has an ISA pc module, and you need to disable kvm
| just to be sure. Set the CPU to Pentium and everything
| will be fine.
| rwmj wrote:
| You might want to experiment yourself before making bold
| assertions, because you are wrong. I've just tried these
| (with qemu-system-x86-6.0.0-7.fc35.x86_64):
|
| *
| _Microsoft_Windows_NT_Server_Version_4.0_227-075-385_CD-
| KEY_419-1343253_1996.iso (1996, own copy)_
|
| Installer starts, locks up with screen corruption about 5
| seconds in.
|
| * _https://archive.org/details/windows-95_fixcpu_iso_wind
| ows_is... (1994-ish)_
|
| Cannot read the emulated CD-ROM.
|
| * _https://archive.org/details/redhat-9.0_release (2003)_
|
| Installer boots, but fails at partitioning stage, the
| first time it accesses the disk.
|
| * _https://archive.org/details/IBMOS2Warp4Collection
| (1996)_
|
| Cannot read the emulated CD-ROM.
|
| * _Plan 9, 4th ed. (2003, own copy)_
|
| Gets quite far, up to the login, although with a lot of
| errors, but later hangs hard. (Out of all of them this
| looks closest to being possible to make work.)
|
| I can also tell you that we're moving away from emulating
| i440fx entirely (to q35), and nothing prior to 2005 will
| work once that change has been made. In addition, changes
| to how virtio works means that guests before about 2010
| that use virtio will have problems unless you take
| special steps.
| xattt wrote:
| How does software-based x86 emulation (ie OG Connectix
| Virtual PC) compare to current hardware-assisted
| virtualization? Were older methods more cycle accurate
| than what's in use now?
| emteycz wrote:
| You reminded me of my father showing up home one time
| (around 2005, I was 7-8) proudly showing a random CD.
| Then after few hours he called to show off a virtual
| Windows 98 PC running in a window on our Windows XP
| computer. I was fascinated, total awe for a few minutes.
| Virtual PC became the basis for my experimentation with
| Windows Server 2003 and newer + Windows clients (even
| multiple networked PCs ran nicely!), later Linux servers
| inside Virtualbox, and led to my career in software
| engineering.
|
| Anyways to answer your question, Virtual PC and
| VirtualBox can fully run old as well as new software, and
| the performance hit is not that bad (I ran multiple
| virtualized Windows Servers when a PC had 1GB of RAM).
| However more modern virtualization methods can offer bare
| metal-like performance, which Virtual PC/Virtualbox will
| never be able to make.
| xattt wrote:
| Thank you for your answer but also thank you for making
| me feel like I'm an old man.
|
| I was in my last year of high school around the time you
| mentioned when I was experimenting with running Windows
| NT with a copy of Virtual PC.
| swayvil wrote:
| So step 1 is to emulate the world within which the
| emulated machine exists?
| johnsoft wrote:
| Real hardware is finicky and complex. It would be very slow
| to virtualize every hardware device in a system to a level
| not distinguishable to software. If you do shoot for
| complete accuracy (e.g. projects like 86Box), you take at
| least a ~100x performance hit, and also lose out on useful
| features like dragging files into/out of the VM.
| ethbr0 wrote:
| For anyone interested in this, read through the Dolphin
| emulator reports [0].
|
| Specifically, look for examples of bugs they've fixed,
| and why they were triggered.
|
| At this point, they're essentially all of the "X software
| depended on a quirk of Y feature, to do (whatever),
| because the developers chose to do it that way." For that
| one specific piece of software, and nowhere else.
|
| And that's for a game console with highly standardized
| hardware and libraries. The general purpose computer has
| a bit larger mutation surface. :-)
|
| Or, to crib from another sibling poster,
|
| "You have a million places to make sure your
| virtualization looks like the actual artifact. Of those,
| 100 are used by everything, 1,000 are used by many
| things, and 10,000 are used by a few things. The
| remainder may be used by some piece of software out
| there, somewhere."
|
| "You have a year to build a working product. Are you
| going to implement and equally test all million things?"
|
| [0] https://dolphin-emu.org/blog/
| selfhoster11 wrote:
| The goal is usually cooperative virtualisation, not
| adversarial virtualisation. Most people don't need to hide
| that the environment is a VM, because the OS and
| applications by and large don't care about that.
| efficax wrote:
| VM detection and escape (breaking through the VM to access
| the host machine) is an active area of research and a very
| hard nut to crack. It's trench warfare!
| Latty wrote:
| > An ideal VM should be indistinguishable from a real
| machine.
|
| Ideal for what purpose?
|
| virtio is a good example of where that breaks down. For a
| lot of use cases, directly exposing an explicitly virtual
| device rather than emulating real hardware can be _much_
| more efficient and avoid bugs.
|
| For example, it may help a virtualised system avoid some
| layers of caching or optimisation if they are redundant
| because they are nested inside a system already doing that.
|
| Making your VM indistinguishable from real hardware is nice
| for some use cases, absolutely, but in many it isn't what
| you want.
| dheera wrote:
| > Ideal for what purpose?
|
| To shove it at companies like Tencent who will ban you
| for trying to run WeChat in a virtual machine, and
| restore freedom to the user to run software how they
| want. WeChat also randomly scans for Wi-Fi networks, I'm
| guessing they sniff VMs with tricks like that.
|
| It should also be a violation of disability law to force
| users to use a hardware mobile phone to run a particular
| piece of software. VMs open the doors to custom
| accessibility solutions.
|
| They shouldn't even have the right to know what it's
| running on, they should just hand me bytecode of a
| _suggested_ (but not required) client, and open a port on
| their server for service.
|
| Also in general to shove it at any company with potential
| spyware. I _always_ run unknown closed-source software in
| a VM and I should have the basic _right_ to do that. But
| sometimes those companies try to detect VMs. If the VM
| engine is good enough they shouldn 't be able to.
| Latty wrote:
| Sure, my point wasn't that there is no use case, just
| that there are use cases where it isn't necessary and--
| more than that--is counterproductive
| LeanderK wrote:
| I talked to a security researcher about it a few years ago
| and as I understood it it's a cat and mouse game. They are
| trying to mimic real phones but the malware authors always
| find a new way to tell whether it's fake.
| imwillofficial wrote:
| I'm not aware of any steps security researches take to
| obscure the fact they are running in a VM from malware.
| luch wrote:
| now you do : https://github.com/Cisco-Talos/vboxhardening
| imwillofficial wrote:
| Thank you!
| [deleted]
| BruceEel wrote:
| Purely based on the screenshots, I'd say that as UI design,
| theming and 'chrome' go, I'll take this over my current macOS
| (Big Sur) any day...
| pndy wrote:
| Florian Grunow and Niklaus Schiess, _Lifting the Fog on Red Star
| OS - A deep dive into the surveillance features of North Korea 's
| operating system_ [1]
|
| [1] - https://youtu.be/8LGDM9exlZw
|
| The bit more detailed view, I'd say
| pndy wrote:
| Florian Grunow and Niklaus Schiess, _Lifting the Fog on Red Star
| OS - A deep dive into the surveillance features of North Korea 's
| operating system_ [1]
|
| [1] -
| https://media.ccc.de/v/32c3-7174-lifting_the_fog_on_red_star...
| (it's also available on YT which for some reason I couldn't link
| in this comment - perhaps some anti-spam measurment?)
|
| The bit more detailed view, I'd say
| eatbitseveryday wrote:
| You have two other top-level comments with the same YouTube
| URL.
___________________________________________________________________
(page generated 2021-11-23 23:01 UTC)